Extract the remote host from user input in share dropdown

Fix #13678
This commit is contained in:
Joas Schilling 2015-02-02 19:54:56 +01:00
parent 0d8b3afc32
commit b180724cd0
3 changed files with 82 additions and 1 deletions

View file

@ -221,4 +221,34 @@ class Helper extends \OC\Share\Constants {
return $expires;
}
/**
* Extracts the necessary remote name from a given link
*
* Strips away a potential file name, to allow
* - user
* - user@localhost
* - user@http://localhost
* - user@http://localhost/
* - user@http://localhost/index.php
* - user@http://localhost/index.php/s/{shareToken}
*
* @param string $shareWith
* @return string
*/
public static function fixRemoteURLInShareWith($shareWith) {
if (strpos($shareWith, '@')) {
list($user, $remote) = explode('@', $shareWith, 2);
$remote = str_replace('\\', '/', $remote);
if ($fileNamePosition = strpos($remote, '/index.php')) {
$remote = substr($remote, 0, $fileNamePosition);
}
$remote = rtrim($remote, '/');
$shareWith = $user . '@' . $remote;
}
return rtrim($shareWith, '/');
}
}

View file

@ -724,7 +724,7 @@ class Share extends \OC\Share\Constants {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
\OCP\Security\ISecureRandom::CHAR_DIGITS);
$shareWith = rtrim($shareWith, '/');
$shareWith = Helper::fixRemoteURLInShareWith($shareWith);
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;

View file

@ -49,4 +49,55 @@ class Test_Share_Helper extends \Test\TestCase {
$result = \OC\Share\Helper::calculateExpireDate($defaultExpireSettings, $creationTime, $userExpireDate);
$this->assertSame($expected, $result);
}
public function fixRemoteURLInShareWithData() {
$userPrefix = ['test@', 'na/me@'];
$protocols = ['', 'http://', 'https://'];
$remotes = [
'localhost',
'test:foobar@localhost',
'local.host',
'dev.local.host',
'dev.local.host/path',
'127.0.0.1',
'::1',
'::192.0.2.128',
];
$testCases = [
['test', 'test'],
['na/me', 'na/me'],
['na/me/', 'na/me'],
['na/index.php', 'na/index.php'],
['http://localhost', 'http://localhost'],
['http://localhost/', 'http://localhost'],
['http://localhost/index.php', 'http://localhost/index.php'],
['http://localhost/index.php/s/token', 'http://localhost/index.php/s/token'],
['http://test:foobar@localhost', 'http://test:foobar@localhost'],
['http://test:foobar@localhost/', 'http://test:foobar@localhost'],
['http://test:foobar@localhost/index.php', 'http://test:foobar@localhost'],
['http://test:foobar@localhost/index.php/s/token', 'http://test:foobar@localhost'],
];
foreach ($userPrefix as $user) {
foreach ($remotes as $remote) {
foreach ($protocols as $protocol) {
$baseUrl = $user . $protocol . $remote;
$testCases[] = [$baseUrl, $baseUrl];
$testCases[] = [$baseUrl . '/', $baseUrl];
$testCases[] = [$baseUrl . '/index.php', $baseUrl];
$testCases[] = [$baseUrl . '/index.php/s/token', $baseUrl];
}
}
}
return $testCases;
}
/**
* @dataProvider fixRemoteURLInShareWithData
*/
public function testFixRemoteURLInShareWith($remote, $expected) {
$this->assertSame($expected, \OC\Share\Helper::fixRemoteURLInShareWith($remote));
}
}